Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Camel Docling component. The camel-docling component invokes the external `docling` command-line tool by assembling an argument list in DoclingProducer and executing it through java.lang.ProcessBuilder. Custom CLI arguments supplied through the `CamelDoclingCustomArguments` exchange header (a List<String>) were appended to that argument list with insufficient validation: the original implementation relied on a denylist of disallowed flags and only rejected path values that contained a literal `../` sequence. As a result, a Camel route that forwards externally-influenced data into the `CamelDoclingCustomArguments` header (or into the path-bearing headers used to build the invocation) could cause the producer to pass unrecognized or unintended `docling` CLI flags to the subprocess, and could supply path-like argument values that resolved outside the intended directory through trave
Casky was already ahead
This CVE exploits attack patterns that Casky's 0matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-40047 represents a critical argument injection vulnerability in Apache Camel's Docling component that allows attackers to manipulate command-line arguments passed to the external `docling` tool. The vulnerability exists in the DoclingProducer class, which constructs and executes system commands via Java's ProcessBuilder without properly validating or sanitizing the `CamelDoclingCustomArguments` exchange header. With a CVSS score of 9.1, this flaw affects any organization using Apache Camel with the Docling component to process documents, potentially enabling remote code execution, arbitrary file access, or command injection attacks when untrusted input is processed. Organizations running document processing pipelines, integration platforms, or ETL workflows leveraging this component face immediate risk.
While CVE-2026-40047 does not currently map to specific MITRE ATT&CK techniques in public advisories, Casky's Claude-powered security skills would detect the attack patterns underlying argument injection vulnerabilities through analysis of command construction and execution flows. Practitioners using Casky would observe findings related to CWE-88 (Argument Delimiter Injection) patterns, including detection of unsanitized user input flowing into ProcessBuilder invocations, improper list concatenation in argument assembly, and absence of input validation before command execution. Extended reasoning capabilities would flag the semantic danger of appending untrusted list elements to system commands, helping teams identify similar injection points across their codebase and prioritize remediation of document processing functions handling external input.
Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →
Casky has 0 skills that investigate the attack patterns behind CVE-2026-40047. Run one and get CVSS-scored findings in 3 minutes.
Run the skill that detects this →© 2026 Casky.AI, Inc. · AI Security Investigation